Google Summer of Code — Week 5 & 6

2 min readJul 21, 2021

Time flies by pretty quickly. Week 5 and 6 of the official coding period of GSoC are also over. Over these 2 weeks, I worked on making improvements to the code, documenting the work done so far, and writing tests for the modules developed in OWASP-OWTF.

Work completed during this period

The coding is going pretty nicely and as per the schedule. I spent these weeks expanding the test coverage for API developed, worked on some enhancements, and completed the documentation for login and signup modules.

Enhancements

Added some additional security headers to APIRequestHandler like X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, etc. among others, and protected all the backend API routes from unauthenticated access by using a decorator which checks the validity of the token and only allows request to pass if the user has used the valid token. This decorator ensures that any API requests can only proceed if the user is authenticated.

Documentation

Learned about Sphinx for documentation generation. Using reStructuredText, I have created documentation for setting SMTP Configuration, explained the workflow for the signup, email verification, login, and forgot password (added images wherever needed). Besides that, I also modified the doc-string for the various functions present in owtf/api/handlers/auth.py.

Testing and other improvements

I have written the test cases for the login, signup and, other APIs developed. I have also started learning Jest and Enzyme for testing the React components. Besides, I am also working on some suggestions provided by mentors like allowing login by email and username both, making username unique, and changing the layout of the logout button.

You can view my PRs here:

Security Enhancements preventing unauthenticated access by amanpro30 · Pull Request #1152 ·…

Description Added some additional security headers to APIRequestHandler and protected all the backend API routes from…

github.com

Documentation for login and signup module by amanpro30 · Pull Request #1153 · owtf/owtf

Description Added the required documentation for the login and signup module as well as improved the docstring in…

github.com

Things I learned

I have learned about the Spinx tool for creating intelligent and beautiful documentation.
I have also expanded my understanding of the Jest and Enzyme for testing React Components.

Future Plans

In the coming weeks, I look to finish testing all the React components developed so far, fixing bugs, and working on changes to the module as per the feedback by the mentors, and learning Selenium for further testing.